What You Need to Know About Microsoft’s New Blockchain-Based Vision for Decentralized Identities

Jesus Rodriguez
Published in Game of Life
4 min read · Feb 14, 2018


Earlier this week, Microsoft announced that it is planning to leverage blockchain technologies to build a next-generation identity platform based on a decentralized architecture. The decision can be seen as controversial, as Microsoft is one of the biggest centralized identity authorities on the internet, with assets such as Office 365, Azure Active Directory, Xbox and Outlook.com that manage millions of identities globally. However, if you follow the work that the Redmond giant has been doing as part of the Decentralized Identity Foundation (DIF), the news should not come as a surprise.

A lot has been said about the impactful role that blockchain technologies can play in the next generation of identity management platforms. However, with the exception of a few companies such as Guardtime and its work with the government of Estonia, very little has been done to take these concepts mainstream. Microsoft's decision is certainly an ambitious move to enable decentralized identity management at scale. To understand Microsoft's vision of decentralized, blockchain-based digital identities, we should start by analyzing the challenges with the current generation of identity management solutions.

What’s Wrong with Digital Identities Today?

Identity is one of the pillars of the modern internet and, until recently, one that was really hard to enable at scale. For decades identity management remained one of the unsolved problems of the internet. That arguably changed in the last few years when identity providers such as Facebook or Google opened up their identity platforms to third-party applications. However, despite the progress, the current model of identity management has some fundamental flaws.

1) Provider-Centric vs. User-Centric

The current model of digital identity is based on users trusting dozens of identity providers with their information and constantly granting third-party applications access to that identity representation. That model not only requires implicit trust in centralized identity authorities but is also practically impossible to manage. If you don't believe me, try to enumerate the websites and mobile apps to which you have recently granted access to your Facebook or Google identity and you will see what I mean. In an ideal world, identity systems should put users in control of their own identity, and providers should focus on asserting claims about specific identities rather than owning them.

2) Authentication and Federation vs. Trust

Traditional identity management solutions are mostly based on authentication and access control models enabled by centralized providers, together with identity federation bridges built between them. In the real world, identity is less about what you have access to and more about who you are. From that perspective, a next-generation identity platform should provide a model for accumulating assertions about a user's identity that can easily be verified across providers, rather than merely deciding which provider's login to trust.

3) Google, Amazon and Facebook Own Your World

You can argue that Google, Amazon and Facebook know more about your identity than other important entities in your life such as the government, banks or your employer. Those three companies cover the major pillars of your digital life: the internet (Google), e-commerce (Amazon) and social (Facebook). Collectively, we are trusting those entities with disproportionate control over our digital identities, which can result in unfortunate events. It is no coincidence that the U.S. Senate has been actively discussing whether some of these entities should be regulated.

What is Microsoft’s New Vision?

To address some of the aforementioned challenges, Microsoft envisions a new generation of digital identity systems powered by blockchain protocols. Specifically, Microsoft believes that public blockchains such as Ethereum or Litecoin are well suited to host the protocols needed to manage digital identities. The ultimate goal is to return control of identity assertions to their rightful owners, the users, while maintaining high levels of security and privacy.

What is Microsoft Planning to Deliver?

Microsoft's vision for decentralized identities is still at a very early stage. In collaboration with other vendors, Microsoft announced that it is actively working on the following initiatives to enable a new wave of decentralized identity management protocols and solutions:

  • Decentralized Identifiers (DIDs) — a W3C draft spec that defines a common document format (the DID document) for describing the state of a Decentralized Identifier, including the public keys that control it.
  • Identity Hubs — an encrypted, off-chain identity datastore that features message/intent relay, attestation handling, and identity-specific compute endpoints.
  • Universal DID Resolver — a server that resolves a DID to its DID document regardless of which blockchain or DID method the identifier is anchored on.
  • Verifiable Credentials — a W3C draft spec that defines a document format for encoding attestations (signed claims about a subject) whose issuer and subject can be identified by DIDs.

In more practical terms, Microsoft also revealed its plan to pilot decentralized identities as part of its Authenticator app. In that model, Microsoft Authenticator acts as your gateway for managing identity data and cryptographic keys. The current plan is to keep an off-chain platform that supplements public blockchains with some of the components listed in the previous section. In that architecture, only the identifier is rooted on chain; since anything written to a public blockchain is permanent and visible to everyone, personal data never goes there. Identity data is stored in an off-chain ID Hub, encrypted under keys that only the user's device holds, so the hub operator, Microsoft included, sees nothing but ciphertext.

I am planning to deep dive into the different components of Microsoft’s decentralized identity architecture in a future post.
